purplemonkeyuk Posted July 9, 2013 Share Posted July 9, 2013 Hi guys First off I am very sorry if this has been covered elsewhere but I have finally got my teeth into PHP and wanted to start testing my knowledge creating test forms for a membership style website. I am in the middle of creating a HTML form for a login, entering a username and password to access my website. Once logged in they can then access a profile page which allows them to update and ammend their unique profile page. All their profile data will be stored in a MySQL database obviously! I have a super user 'Root' configured in PHPmyAdmin, which has privileges that I do not wish to be available to any users except administrators! I would like to create a generic user with restricted access that is assigned to all members who sign up using the signup/login form. Can someone provide information on how to go about doing this... I have searched google for various permutations of "create a restricted user within MySQL php" with no joy on finding a solution to this particular problem. I can create a new user using phpmyadmin, it asks for the following: Username Host Password retype Generate Password Once entered I can then obviously manually configure the privileges of said user. This isn't entirely what I want though! I want to create a user with restricted functions which is assigned to all members who signup. How do I assign this user to new signups and allow them to sign into accessing their specific database data by using their username and password credentials? I think I know that you will say that I will need to create a database with columns of at least "id", "username" and "password" but its the initial MySQL user profile setup and assignment to members that I am stuck with thanks in advance please do not flame me down!!!!!!!! Quote Link to comment Share on other sites More sharing options...
trq Posted July 9, 2013 Share Posted July 9, 2013 How are you planning on letting your "members" access data? You don't normally create accounts on the database server itself and hand them out. You write an application which makes use of a single (or sometimes 2-3) database server accounts then have the application take care of who has what permission. If you really do want people to access mysql directly your in for a hell of a time. Especially if your here asking how to add simple permissions. Quote Link to comment Share on other sites More sharing options...
purplemonkeyuk Posted July 9, 2013 Author Share Posted July 9, 2013 Thanks again TRQ for your assistance on this one! Yes by this I mean I need to create one of those database server accounts. To explain I have one already, in this instance Root with associated password. To solve my problem I think I need to create a second one with restricted privileges, perhaps calling it Member. This 'member' account would have restricted privileges. Surely in order to update a members profile page they will have to have permission to do so under their database server account privileges? I.e. run a login script with it verifying their username and password which allows them to add or ammended stored data within various databases. For instance a user has a Profile page, within this page is a summary text box containing personal information on display. When a user logs in, goes to the profile page they can then edit or add text to their summary text box. The question is do I set it up so they have access under a restricted server account? I'm confused by this. I understand the principle of create a id, username and password database, having users log in with their details and this be verified by a login script but how does this users login information get set as a restricted user account not a root user account? Longwinded question but I hope it makes sense! Quote Link to comment Share on other sites More sharing options...
trq Posted July 9, 2013 Share Posted July 9, 2013 Surely in order to update a members profile page they will have to have permission to do so under their database server account privileges? This is where your misunderstanding lies. You grant your "application" access to your database. It then controls all data entered into and pulled out of the database. For instance, this forum, it uses a single database server account to access the database on behalf of all of the forums users. The programming logic within the forums application itself polices who can write, edit / access what. You can (and often will) create multiple account for the application to use (some being more restrictive than others) however, there is rarely any need to grant a user themselves there own account on the database server. Quote Link to comment Share on other sites More sharing options...
purplemonkeyuk Posted July 9, 2013 Author Share Posted July 9, 2013 Ok... right... So... Next question... I created the user account with restricted privileges call it SLAVE to keep it easy. So i create a php login script to connect MySql as SLAVE. The mysqli_connect requires SLAVES username and password. Does this mean I hard code SALVES details into the function? Therefore when the member logs in with their username and password, the script runs logging in as SLAVE and then checks the database for the submitted members login information, if confirmed correct it then allows them to view their appropriate page? Quote Link to comment Share on other sites More sharing options...
trq Posted July 9, 2013 Share Posted July 9, 2013 That is pretty much the gist of it yeah. Quote Link to comment Share on other sites More sharing options...
purplemonkeyuk Posted July 10, 2013 Author Share Posted July 10, 2013 Than you for the reply, sorry for asking such a noob question, my head was going round in circles where as actually its a fairly easy concept Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.